Publication (Announcement) No.: US12028441B2
Publication (Announcement) Date: 2024-07-02
Application No.: US17509490
Application Date: 2021-10-25
Applicant: SAP SE
Inventor: Marc Alexander Roeder, Roland Lucius, Vladislav Dexheimer
CPC classification number: H04L9/0618, G06F21/602, H04L9/30, H04L9/3247
Abstract: Disclosed herein are system, method, and computer program product embodiments for encrypting and decrypting a sensitive data item using a zero-knowledge encryption protocol. An embodiment operates by receiving a request to decrypt the sensitive data item from a client. The embodiment retrieves the requested sensitive data item from a data store. The embodiment generates a result set by replacing a ciphertext value of the sensitive data item to be stored in the result set with a placeholder identifier. The embodiment retrieves a data encryption key (DEK) block from a DEK manager, wherein the DEK block comprises a DEK associated with the sensitive data item. The embodiment generates and encrypts a cipher ticket comprising the ciphertext value of the sensitive data item. The embodiment then sends the result set, the cipher ticket, and the DEK block to the client for decryption of the ciphertext value of the sensitive data item.